Skills
skills/ruvnet/claude-flow/adr-index/Gen Agent Trust Hub

adr-index

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script node plugins/ruflo-adr/scripts/import.mjs. This script is responsible for parsing documentation files and indexing them into a memory store.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes content from the project's ADR files.
  • Ingestion points: Reads files from */docs/adr/ and */docs/adrs/ (SKILL.md).
  • Boundary markers: None observed in the parsing logic description.
  • Capability inventory: Uses Bash to run node scripts and utilizes MCP memory tools for storage and search (SKILL.md).
  • Sanitization: Employs regex to strip issue/PR/commit references to ensure edge-detection accuracy, but does not implement security-specific sanitization of the processed text content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:23 PM
Security Audit — agent-trust-hub — adr-index